在我的登录页面上,如果有人使用正确的detials登录,他们会转到我的main.php,如果他们没有正确的详细信息,他们应该会显示错误消息,但它会变成空白屏幕!
试图解决这个问题
<?php error_reporting(E_ALL); ini_set('display_errors', 1);
session_start(); // Starting Session
include("connect.php");
$error=''; // Variable To Store Error Message
if (isset($_POST['login'])) {
$username = $_POST['username'];
if ($username == "") {
echo "Username field is empty!";
header("Location: incorrectlogin.php");
}else{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con,$username);
$password = mysqli_real_escape_string($con,$password);
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "game");
// Selecting Database
$db = mysqli_select_db($con,"game");
$query = mysqli_query($con,"select * from users where password='$password' AND username='$username'");
$rows = mysqli_num_rows($query) or die(mysqli_error($con));
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: main.php");
} else {
echo "That username or password is incorrect";
$error = "Username or Password is invalid";
}
}
}
它可能只是我,但看起来它应该工作,任何想法?
答案 0 :(得分:2)
问题在于此处的错误处理(具有讽刺意味)添加到mysqli_num_rows():
$rows = mysqli_num_rows($query) or die(mysqli_error($con));
当mysqli_num_rows()返回0(未找到任何行)时,此处会触发or die()。由于没有错误,因此mysqli_error()没有输出。
但返回的零行不是错误状态,因此不适合向其添加错误处理。您已经在处理随后返回的行计数:
if ($rows == 1) {
// etc...
}
...这样您就可以安全地删除or die(...)。在前一次调用mysqli_query()时使用该错误处理表达式会更合适,如果SQL字符串无效,则实际上会发生错误。
如果我没有提到以纯文本格式存储用户密码的问题,我也会失职,因为这意味着:
$password = mysqli_real_escape_string($con,$password);
我建议您查看How do you use bcrypt for hashing passwords in PHP,了解如何提高密码存储安全性的真正优秀示例。
答案 1 :(得分:0)
我认为您缺少if声明,可以将整个代码(或)上面和下面几行代码粘贴到代码